Spotlight on Surveillance

June 2007:“National Network” of Fusion Centers Raises Specter of COINTELPRO

EPIC’s “Spotlight on Surveillance”
project scrutinizes federal government programs that affect individual
privacy. For more information, see previous Spotlights
on Surveillance. This month,
Spotlight shines on fusion centers, which have received $380 million in
federal grants and millions more from state governments.[1] There are 43 current and planned fusion
centers in the U.S., and some states have more than one.[2]

A “fusion center,” according to the Department
of Justice, is a “mechanism to exchange information and intelligence, maximize
resources, streamline operations, and improve the ability to fight crime
and terrorism by analyzing data from a variety of sources,” which includes
private sector firms and anonymous tipsters.[3] When
local and state fusion centers were first created, they were purely oriented
toward counterterrorism, but, over time and with the escalating involvement
of federal officials, fusion centers “have increasingly gravitated toward
an all-crimes and even broader all-hazards approach.”[4]

The expansion of fusion center goals and
increasing interaction with federal and private sector entities leads to
a massive accumulation of data, raising questions of possible misuse or
abuse. The Department of Homeland Security (DHS) seeks to create a “national
network” of local and state fusion centers, tied into DHS’s “day-to-day
activities.” This national network combined with the Department of Homeland
Security’s plan to condition grant funding based on fusion center “compliance”
with the federal agency’s priorities inculcates DHS with enormous domestic
surveillance powers and evokes comparisons the publicly condemned domestic
surveillance program COINTELPRO.

“Fusion centers” collect an enormous amount
of data from law enforcement agencies, “public safety components, including
fire, health, transportation, agriculture, and environmental protection,”
and private sector organizations.[5] A few
state fusion centers had begun operations before September 11, 2001, but
afterward, the number of centers grew rapidly.

A few months after the International Association
of Chiefs of Police held a March 2002 summit on criminal intelligence,
the group recommended the creation of a “Criminal Intelligence Coordinating
Council,” to create “a nationally coordinated, but locally driven, criminal
intelligence generation and sharing process.”[6] The
Council would include local, state, federal and international agencies.[7] The
group also recommended against limiting intelligence sharing to terrorism-related
data, suggesting instead that all “criminal intelligence” data be shared.[8] Criminal intelligence was defined as
“the combination of credible information with quality analysis – information
that has been evaluated and from which conclusions have been drawn.”[9]

A year later, the Global Justice Information
Sharing Initiative (part of the Justice Department) also recommended the
creation of a “Criminal Intelligence Coordinating Council,” which would
include private sector organizations as well as local, state, tribal, federal
and international agencies.[10] Global’s October 2003
report, “The National Criminal Intelligence Sharing Plan,” sought to find
“solutions and approaches for a cohesive plan to improve our nation’s ability
to develop and share criminal intelligence.”[11] Global highlighted
several issues including: “the need to increase availability of information,
from classified systems to local and state law enforcement agencies, for
the prevention and investigation of crime in their jurisdictions”; “the
need to identify an intelligence information sharing capability that can
be widely accessed by local, state, tribal, and federal law enforcement
and public safety agencies”; and “the need to ensure that individuals’
constitutional rights, civil liberties, civil rights, and privacy interests
are protected throughout the intelligence process.”[12]

In May 2004, the Department of Justice announced
it had followed up on Global’s recommendation and created the Criminal
Intelligence Coordinating Council and said it “will serve to set national-level
policies to implement the [National Criminal Intelligence Sharing Plan]
and monitor its progress on the state and local level.”[13] In
December 2004, the President’s Homeland Security Advisory Council recommended
“each State should establish an information center that serves as a 24/7
‘all-source,’ multi-disciplinary, information fusion center,” yet noted
this issue was “to be further investigated by the Working Group.”[14]

Also in December 2004, Congress passed the
Intelligence Reform and Terrorism Prevention Act of 2004, which directed
the president to “create an information sharing environment for the sharing
of terrorism information in a manner consistent with national security
and with applicable legal standards relating to privacy and civil liberties.”[15] Notably, the Act defined “information
sharing environment” as “an approach that facilitates the sharing of terrorism
information, which approach may include any methods determined necessary
and appropriate for carrying out this section.”[16] The
Information Sharing Environment Program (managed by former Ambassador Thomas
E. McNamara) was placed under the Office of the Director of National Intelligence
(J. Mike McConnell).

In July 2005, when fusion centers already
were up and running in a number of states, the Global released its first
set of guidelines for fusion centers, called “Fusion Center Guidelines:
Developing and Sharing Information and Intelligence in a New Era -- Guidelines
for Establishing and Operating Fusion Centers at the Local, State, and
Federal Levels -- the Law Enforcement Intelligence Component.” The set
of guidelines currently followed, “Fusion Center Guidelines: Developing
and Sharing Information and Intelligence in a New Era -- Guidelines for
Establishing and Operating Fusion Centers at the Local, State, and Federal
Levels -- Law Enforcement Intelligence, Public Safety and the Private Sector,”
was published in August 2006.[17]

The Department of Homeland Security began
funding state fusion centers in Fiscal Year 2004; as of December 2006,
the agency has distributed $380 million in grants to state fusion centers
and deployed federal personnel to these centers, as well.[18] Today,
there are 43 completed and planned state fusions centers nationwide; some
states have more than one.[19]

Voluntary Guidelines Do Not Ensure Protection
of Privacy and Civil Liberties

The Federal Guidelines envision a plethora of information entering
and exiting the local and state fusion centers.

Though the 18 federal Fusion Center Guidelines
include the recommendation that state fusion centers “develop, publish
and adhere to a privacy and civil liberties policy,” and Global published
a report on privacy and civil liberties in October 2006, “Privacy Policy:
Development Guide and Implementation Templates,” questions remain about
the strength of protections for the personal data of U.S. citizens.[20] Such safeguards are especially important
as the Guidelines recommend state fusion centers “integrate technology,
systems, and people” of federal, state, local, tribal, public and private
sector entities, which are known to be error-filled.[21] Currently,
the Guidelines are voluntary, but that may be changed by pending legislation
that will be discussed later. And the Guidelines may be changed at any
time by the departments of Justice or Homeland Security.

When state fusion centers create and enforce
their privacy policies, the federal Fusion Center Guidelines recommend
that fusion centers “consider” Fair Information Practices, which are based
on five principles:

“There must be no personal data record-keeping
systems whose very existence is secret,

There must be a way for a person to find
out what information about the person is in a record and how it is used,

There must be a way for a person to prevent
information about the person that was obtained for one purpose from being
used or made available for other purposes without the person’s consent,

There must be a way for a person to correct
or amend a record of identifiable information about the person,

Any organization creating, maintaining,
using, or disseminating records of identifiable personal data must assure
the reliability of the data for their intended use and must take precautions
to prevent misuses of the data.”[24]

However, there is no mandate for the state
fusion centers to follow these Guidelines or Fair Information Practices,
and the Guidelines themselves are vague as to what privacy and security
safeguards are strong. There no requirement that state fusion centers ensure
the protection of individuals’ privacy and civil liberty rights. Therefore,
state fusion centers could create and use records full of inaccurate data
and refuse to allow judicially enforceable redress, access and correction.

In testimony to the National Commission
on Terrorist Attacks Upon the United States (better known as the 9/11 Commission),
EPIC Executive Director Marc Rotenberg explained the central findings from
the Privacy Act of 1974, which remain relevant. In 1974, Congress said
that:

The privacy of an individual is directly
affected by the collection, maintenance, use, and dissemination of personal
information by federal agencies.

The opportunities for an individual to
secure employment, insurance, and credit, and his right to due process,
and other legal protection are endangered by the misuse of certain information
systems.

In order to protect the privacy of individuals
identified in information systems maintained by federal agencies, it
is necessary and proper for the Congress to regulate the collection,
maintenance, use and dissemination of information by such agencies.[25]

The Privacy Act continues to play an important
role in safeguarding the rights of Americans today. Such judicially enforceable
rights are necessary, because it is difficult for agencies to ensure such
a vast amount of data is being used according to privacy and civil liberty
requirements. This is especially important in the Department of Homeland
Security’s Office of Civil Liberties (tasked with providing privacy and
civil liberties training fusion centers) is one-twentieth the size of the
Department of Justice’s Civil Rights Division. The discrepancy remains
though DHS has 208,000 employees, almost twice the number of Department
of Justice’s 104,000 employees.[26]

Databases Used By Fusion Centers Are
Error-Filled

It is well known that the databases that
the fusion centers will be searching and linking together are full of mistakes.
For example, the Social Security Administration’s Inspector General estimated
in December 2006 that about 17.8 million records in Numerical Identification
File have discrepancies with name, date of birth or death, or citizenship
status.[27] In the same report, the Inspector
General also found numerous problems in the databases of Citizenship and
Immigration Services.[28]

At the Kentucky Office of Homeland Security, the Operations and
Prevention Division "is focused on risk assessments and intelligence
gathering. The chief objective of this division is to [establish]
an Information and Intelligence Fusion Center."

Another relevant example concerns the Terrorist
Screening Center. In 2003, Homeland Security Presidential Directive No.
6 consolidated administration of the no-fly, selectee and other security
watch lists under the jurisdiction of the Terrorist Screening Center.[29] When the Department of Justice Inspector General reported
on the Center in June 2005, “determined that the TSC could not ensure that
the information in that database was complete and accurate.”[30] He said, “Our review of the consolidated watch list
identified a variety of issues that contribute to weaknesses in the completeness
and accuracy of the data, including variances in the record counts between
[two versions of the Terrorist Screening Database], duplicate records,
missing or inappropriate handling instructions or categories, missing records,
and inconsistencies in identifying information between TSDB and source
records.”[31]

Earlier this year, the head of the Transportation
Security Administration said that the watch lists were being reviewed,
and he expected to cut the list of 325,000 names in half.[32] Last year, the director of TSA’s redress office revealed
that more than 30,000 people who are not terrorists have asked the agency
to remove their names from the lists since September 11, 2001.[33]

Also, there have been numerous examples
demonstrating the consequences of inaccurate and incomplete information
in the FBI’s National Crime Information Center (NCIC) system.[34] In
one case, a Los Angeles man was arrested five times, three at gunpoint,
due to an error in the NCIC.[35] An escaped prisoner had assumed the
identity of an innocent person and then committed a robbery and murder.
In another instance, a Phoenix resident who was pulled over for driving
the wrong way down a one-way street was arrested after an NCIC inquiry
erroneously revealed an outstanding misdemeanor arrest warrant that had
been quashed weeks earlier.[36]

Even though these incidents demonstrate
that the FBI should work to improve the accuracy of this system of records,
in 2003, the FBI chose to establish a new rule exempting the NCIC system,
the Central Records System and National Center for the Analysis of Violent
Crime systems from the accuracy requirements of the Privacy Act of 1974.[37] For the previous 30 years, the FBI
operated the NCIC database with the Privacy Act accuracy requirement in
place. The relevant provision requires that any agency that maintains a
system of records, “maintain all records which are used by the agency in
making any determination about any individual with such accuracy, relevance,
timeliness, and completeness as is reasonably necessary to assure fairness
to the individuals in the determination.”[38] The NCIC database provides more than
80,000 law enforcement agencies with access to a computerized network of
more than 39 million records regarding criminal activity. Even more agencies
and records will be involved through state fusion centers, yet the FBI
exempted the database from the Privacy Act requirement of accuracy.

The private sector databases that the federal
Guidelines recommend state fusion centers use are also full of mistakes.
For example, when a news reporter looked up his file on databroker Intellius.com,
he found the record said he was charged with child molestation (he wasn’t)
and that he had a close male relative who was convicted of manslaughter
(the reporter had never even heard of the man).[39] There
are numerous errors in the records of databroker ChoicePoint, used by the
FBI and IRS. A man bought his ChoicePoint record and found that the file
showed he had died in 1976.[40] Another man’s report included numerous
crimes that he never committed.[41] “In Florida I’m a female
prostitute (named Ronnie); in Texas I’m currently incarcerated for manslaughter,”
according to the man.[42] Also, “In New Mexico I’m a dealer
of stolen goods. Oregon has me as a witness tamperer. And in Nevada --
this is my favorite -- I’m a registered sex offender.”[43] The record of one woman
listed “possible Texas criminal history” even though she has been to Texas
only twice and has not been charged with or committed crimes there.[44] Her
record also included “three automobiles she never owned and three companies
listed that she never owned or worked for.”[45]

Not only does erroneous data affect citizens,
but it also harms security investigations by creating confusion and mistakes.
Therefore, it is paramount that the state fusion centers follow the Fair
Information Practices and apply all the Privacy Act requirements of accuracy,
purpose limitation, notice, access, correction, and judicially enforceable
redress.

Extensive Domestic Surveillance Powers
Given to Department of Homeland Security

In a recent report, the Congressional Research
Service (CRS) interviewed “the majority of state fusion center leaders
and operational directors . . . [and] stakeholders within the federal government”
to learn more about fusion centers.[46] CRS
found that, though local and state fusion centers were originally designed
to be local- or state-wide in jurisdiction and purely oriented toward counterterrorism,
“they have increasingly gravitated toward an all-crimes and even broader
all-hazards approach.”[47] A part of this broadening of fusion
center missions is the Department of Homeland Security’s goal of creation
a “national network” of fusion centers.[48]

State fusion centers began as “the outgrowth
or expansion of an existing intelligence and/or analytical unit or division
within the state’s law enforcement agency.”[49] However,
the presence of DHS officials has grown. The agency has “embedded” federal
officials at many local and state fusion centers, and has said it seeks
to deploy federal staff to all of them.[50] DHS seeks to tie fusion
centers into the agency’s “day-to-day operations,” linking all of the centers
together.[51] The federal Fusion Center Guidelines
recommend that fusion centers “allow for future connectivity to other local,
state, tribal, and federal systems.”[52]

Also, the federal Guidelines recommend that,
“nontraditional collectors of intelligence, such as public safety entities
and private sector organizations” could be “‘fused’ with law enforcement
data.”[53] The use of private sector data
in a national network of fusion centers raises the possibility that such
data could be misused, allowing the government to circumvent warrant requirements
and state or federal privacy laws or regulations.

Current legislation seeks to expand the
power of the Department of Homeland Security over local and state fusion
centers. In the House, H.R. 1, “Improving America’s Security Act
of 2007,” conditions federal grant funding for the fusion centers upon
the centers’ fulfillment of standards set by the Department of Homeland
Security.[54] If
the fusion centers “fail[] to substantially comply” with DHS regulations
or guidelines, DHS can “terminate payment,” “reduce amount of payment,”
or “limit the use of grant funds.”[55] This can continue “until such time
as the Secretary determines that the grant recipient is in full compliance.”[56] The
Department of Homeland Security already is contemplating such conditioning
of grant funding.[57] Such a development moves the power
of setting priorities for fusion centers away from state and local law
enforcement and to the Department of Homeland Security. As envisioned,
the Department of Homeland Security would be the de facto directors of this national network of local and state
fusion centers.

The Specter of COINTELPRO

A national network of state fusion centers,
working with the federal government, comes perilously close to a domestic
surveillance agency, which has been rejected by the public and law enforcement
officials. In testimony to the 9/11 Commission, CIA Director Louis Freeh
and FBI Director Robert Mueller III both rejected the idea of a domestic
surveillance agency.[58] Mueller told the Commission, “I do
believe that creating a separate agency to collect intelligence in the
United States would be a grave mistake.”[59]

Such a domestic surveillance system invites
comparison to the FBI’s Counter Intelligence Program (COINTELPRO), in which
the agency abused its investigatory powers to harass and disrupt political
opponents.[60] The FBI’s own documents show that
the agency engaged in extensive surveillance and infiltration of political
groups in the 1950s and 60s in order to disrupt a broad range of legitimate
First Amendment activity. FBI agents probed groups that were suspected
of having a Communist ideology. Individuals who had engaged in no criminal
wrongdoing were investigated and arrested. The FBI built dossiers on the
Rev. Martin Luther King, Jr., the National Organization for Women (NOW),
environmental advocates, the American Indian Movement.

In 1975, the Senate Select Committee to
Study Governmental Operations With Respect to Intelligence Activities (more
commonly known as the Church committee because it was headed by Idaho Sen.
Frank Church) and House Select Intelligence Committee (called the Pike
committee after its chairman, N.Y. Rep. Otis Pike) began investigating
reports of possible illegal, improper, or unethical activities conducted
by the FBI, the CIA, and the NSA.[61] The committees released volumes of
findings and recommendations. Among them were the plan of the FBI to summarily
arrest thousands of Americans in case of a national emergency; that the
FBI had investigated the NAACP for 25 years to determine whether it was
a Communist front; that the FBI had burglarized political groups to gain
information on their activities; and that the FBI kept files on one million
Americans.

These abuses led to the creation of the
Attorney General’s Guidelines limiting the ability of the FBI to intimidate
activists. Despite these, however, the agency continued to investigate
groups that engaged in legitimate political activities. The FBI investigated
the Committee in Solidarity with the People of El Salvador (CISPES) in
the 1980s.[62] The FBI also established in the 1980s
the “Library Awareness Program,” a system to obtain library records to
monitor reading habits.[63] The FBI later revealed that it had
investigated hundreds of Americans -- librarians and others – because
they protested the program. After the passage of the USA PATRIOT Act, the
FBI again began searching library records to monitor reading habits.[64] The
FBI has detailed more than 230 agents to fusion centers nationwide. [65]

Questions also have been raised about Homeland
Security officials. In December 2003, just nine months after the Department
of Homeland Security had been created, an officer from the DeKalb County,
Georgia, Division of Homeland Security observed and photographed vegans
who were peacefully protesting outside a Honey Baked Ham store.[66] When
two protesters noticed they were being photographed, they wrote down the
license plate of the man’s unmarked government.[67] After
they refused to turn over the paper with the license plate number, the
Homeland Security officer arrested them.[68] In 2004, two plainclothes
Contra Costa County sheriff’s deputies identified themselves as Homeland
Security agents while monitoring a protest by striking Safeway workers.[69]

In February 2006, two Montgomery County,
Md., Homeland Security agents walked into a suburban Bethesda library,
demanded the attention of all the patrons, and told patrons that viewing
Internet pornography was illegal.[70] It is not illegal to
view pornography in a public library, and Montgomery County simply “asks
customers to be considerate of others when viewing Web sites.”[71] The
Washington Post said, “After the two men made their announcement, one of
them challenged an Internet user’s choice of viewing material and asked
him to step outside, according to a witness. A librarian intervened . .
. [and later a] police officer arrived. In the end, no one had to step
outside except the uniformed men.”[72] The men were later reassigned, but
the incident raised questions about why exactly Maryland Homeland Security
agents thought it part of their Homeland Security duties to enter a public
library, survey the patrons, and then incorrectly tell patrons that their
legal viewing habits were illegal acts.

In describing COINTELPRO, the Church Committee
said the FBI’s actions “can only be described as ‘abhorrent in a free Society.’”[73] The Committee went on to try to answer
the questions, “What happened to turn a law enforcement agency into a law
violator? Why do those involved still believe their actions were not only
defensible, but right?”[74] The answers were found in a combination
of factors, the Committee said, including, “the availability of information
showing the targets’ vulnerability gathered through the unrestrained collection
of domestic intelligence.”[75] Such
unrestrained domestic surveillance could easily happen again under the
national network of state fusion centers envisioned by the Department of
Homeland Security.

The Dangers of Haphazard Data Collection

A “fusion center,” is a “mechanism to exchange
information and intelligence, maximize resources, streamline operations,
and improve the ability to fight crime and terrorism by analyzing data
from a variety of sources,” which includes private sector firms and anonymous
tipsters.[76] This creates a massive amount of data
and the problem with intelligence gathering, according to the Deputy Director
of the FBI, is “not a lack of information, but rather a flood of it. It's
like trying to sip water from a firehose.”[77] The
Deputy Director said that he thought fusion centers would help “turn all
that raw information into valuable knowledge,”[78] but such haphazard
data collection does not help with counterterrorism. A “flood of data,”
in fact, has been shown to harm counterterrorism efforts by distracting
agents from targeted investigations.

One FBI supervisory special agent working
for the “Joint Regional Intelligence Center” recently discussed the “tips”
that are called into the agency. She said that “it’s hard to keep the leads
straight,” and that it is “common” for people to anonymously file complaints
about their neighbors.[79] This also raises questions about the
reliability and accuracy of the data collected and used by fusion centers.

Another case about the drawbacks of vast,
unfiltered data collection concerns President Bush’s secret 2002 order
allowing the NSA to conduct warrantless surveillance of international telephone
and Internet communications on American soil, which was disclosed in December
2005.[80] The secret program created a large
list of phone numbers and e-mail addresses linked to possible terrorists.
This list regularly was sent to the FBI, but virtually all of that data
led to dead ends or innocent Americans, according to officials interviewed
by the New York Times.[81] “F.B.I. officials repeatedly complained
to the spy agency that the unfiltered information was swamping investigators,”
reported the New York Times.[82]

[25] Marc Rotenberg, Exec. Dir., EPIC, Testimony
and Statement for the Record at a Hearing on Security and Liberty: Protecting
Privacy, Preventing Terrorism” Before the Nat’l Comm’n on Terrorist Attacks
Upon the United States (Dec. 8, 2003), available
at http://www.epic.org/privacy/terrorism/911commtest.pdf.

[60]See Ward
Churchill and Jim Vander Wall, The
COINTELPRO Papers: Documents from the FBI’s Secret Wars Against Dissent
in the United States (2nd ed. 2002).

[61] James Bamford, Body of Secrets: Anatomy of the Ultra-Secret
National Security Agency 434 (2001); see also, Paul Wolf, COINTELPRO:
A collection of documents on federal law enforcement investigation of political
activities, http://www.icdc.com/~paulwolf/cointelpro/cointel.htm.